Overview

URL 26472.xc.wenpie.com/xiaz/heu@34_146163.exe
IP114.55.188.114
ASN
Location China
Report completed2019-02-22 07:21:22 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-02-22 2 26472.xc.wenpie.com/xiaz/heu@34_146163.exe Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 114.55.188.114

Date UQ / IDS / BL URL IP
2019-05-22 01:43:23 +0200
0 - 0 - 1 url.222bz.com/down/sony%20vegas%20pro11%E6%B3 (...) 114.55.188.114
2019-05-22 01:43:16 +0200
0 - 4 - 1 url.222bz.com/down/memtest%E5%86%85%E5%AD%98% (...) 114.55.188.114
2019-05-22 01:43:14 +0200
0 - 4 - 1 url.222bz.com/down/b%E8%BD%BD%E5%99%A80.4.7.7 (...) 114.55.188.114
2019-05-22 01:43:14 +0200
0 - 0 - 1 url.222bz.com/down/photoshop@212_64955.exe 114.55.188.114
2019-05-22 01:43:13 +0200
0 - 4 - 1 url.222bz.com/down/photoshop%20cs6%20%E5%AE%8 (...) 114.55.188.114
2019-05-22 01:43:09 +0200
0 - 0 - 1 url.222bz.com/down/loadrunner11@289_61971.exe 114.55.188.114
2019-05-22 01:43:05 +0200
0 - 0 - 1 url.222bz.com/down/KBOX%E8%99%9A%E6%8B%9F%E8% (...) 114.55.188.114
2019-05-22 01:43:02 +0200
0 - 0 - 1 url.222bz.com/down/PDF%E5%88%86%E5%89%B2%E5%9 (...) 114.55.188.114
2019-05-22 01:42:59 +0200
0 - 4 - 1 url.222bz.com/down/matlab2015b%E4%B8%AD%E6%96 (...) 114.55.188.114
2019-05-22 01:42:54 +0200
0 - 4 - 1 url.222bz.com/down/mscomctl.ocx@213_26723.exe 114.55.188.114

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2019-05-22 01:43:26 +0200
0 - 0 - 1 url.222bz.com/down/sohuva-v5.0.3.32@248_30842.exe 139.224.39.0
2019-05-22 01:43:23 +0200
0 - 0 - 1 url.222bz.com/down/sony%20vegas%20pro11%E6%B3 (...) 114.55.188.114
2019-05-22 01:43:22 +0200
0 - 4 - 1 url.222bz.com/down/microsoftofficepowerpoint2 (...) 139.224.39.0
2019-05-22 01:43:19 +0200
0 - 0 - 1 url.222bz.com/down/lol%E9%9F%A952016@154_1072 (...) 139.224.39.0
2019-05-22 01:43:18 +0200
0 - 4 - 1 url.222bz.com/down/ufffdufffdufffdufffdufffdu (...) 139.224.39.0
2019-05-22 01:43:17 +0200
0 - 2 - 1 url.222bz.com/down/mp3@289_72908.exe 139.224.39.0
2019-05-22 01:43:16 +0200
0 - 4 - 1 url.222bz.com/down/memtest%E5%86%85%E5%AD%98% (...) 114.55.188.114
2019-05-22 01:43:14 +0200
0 - 4 - 1 url.222bz.com/down/b%E8%BD%BD%E5%99%A80.4.7.7 (...) 114.55.188.114
2019-05-22 01:43:14 +0200
0 - 0 - 1 url.222bz.com/down/photoshop@212_64955.exe 114.55.188.114
2019-05-22 01:43:13 +0200
0 - 4 - 1 url.222bz.com/down/photoshop%20cs6%20%E5%AE%8 (...) 114.55.188.114

No other reports on domain: wenpie.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /xiaz/heu@34_146163.exe HTTP/1.1 
Host: 26472.xc.wenpie.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         101.201.62.45
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Fri, 22 Feb 2019 06:20:51 GMT
Content-Length: 1343536
Connection: keep-alive
Content-Disposition: attachment; filename*="utf8''heu@34_146163.exe"


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1343536
Md5:    12c4cf0e304d80b1e477abb794ae7784
Sha1:   9b89ae0158a590f89cfa710e84205c1ded1b87f7
Sha256: d5def93088f48ddc91cb47114b89453c793c87d0b411a91ded6aec7b822a3fb1

Alerts:
  Blacklists:
    - fortinet: Malware